Insider Threats Responsible for 43% of Data Breaches

Among companies experiencing data breaches (and that is to say, a majority), internal actors were responsible for 43% of data loss, half of which was intentional, and half accidental.

That’s a staggering amount of risk lingering inside organizations, especially when one considers that the report, from Intel, also revealed that security professionals have experienced an average of six significant security breaches each.

Interestingly, insider threats aren’t recognized as the gaping issue that they are. Breaches perpetrated by disgruntled employees and other forms of inside jobs come in at sixth place for most of the world in terms of security concerns, except in Asia-Pacific, where it’s No. 2. Cloud deployments, in contrast, brought with them increased anxiety of more security breaches, although there was no indication of increased risk with cloud applications.

Intel also found that in 68% of data breach incidents, the data exfiltrated from the network was serious enough to require public disclosure or have a negative financial impact on the company. The same was true for 70% of incidents in smaller commercial organizations, and in 61% of breaches in enterprises.

The average number of breaches was highest in Asia-Pacific organizations, and lowest in UK and US enterprises. More than 10% of Asia-Pacific companies reported over 20 breaches, compared to just above 1% of North American and 4% of UK enterprises reporting more than 20 breaches.

“Most security studies and statistics focus on infiltration: how attackers are getting past security defenses and into the network,” explained Intel, in the report. “That part of the attack is more visible, compromising machines and triggering events and alarms in the security operations center. Until now, there has been very little information available on the less visible act of data exfiltration: how attackers are removing data. Whether you see it or not, data exfiltration is a real risk for most organizations.”

Consistent with previous studies, privacy and confidentiality of customer and employee data were the biggest concern, and poor security practices the biggest challenge in the face of increasingly sophisticated attacks. In practice—no surprise here—personal information from customers and employees is the No. 1 target (62%), as the value of private personal data surpasses even that of credit cards.

One quarter (25%) of data exfiltrations used file transfer or tunneling protocols, such as FTP or SCP, and 32% of data exfiltrations were encrypted. Microsoft Office documents were the most common format of stolen data (25%).

About 64% of security professionals felt data loss prevention (DLP) technology could have prevented their data exfiltration events; respondents using DLP had a strong correlation with internal teams detecting and preventing data theft.

Interestingly, the theft of physical media is still quite common, implicated in 40% of exfiltrations.